Amid privacy concerns and after a decade-long battle, the U.S. Cybersecurity Information Sharing Act (CISA) of 2015 was passed. Critics claim CISA is a surveillance bill in disguise; proponents claim the act provides a needed legal framework for information sharing. Can CISA actually improve cyberdefense without risking privacy? Are there unforeseen roadblocks? What about STIX/TAXII?